Attacking Password Resets with Host Header Injection

00:00 – Introduction talking a little bit about
00:55 – Using Extension to show a legitimate password reset
01:50 – Modifying the host header and showing the website uses that in the sent email
02:40 – Talking about mail filters auto-clicking links, which means user interaction isn’t always required
03:30 – Sending a password reset to one of my personal emails, to show a mail filter auto clicks the link
04:40 – Got our click! Checking the IP Address to show it was a bot
06:00 – Showing how easy this vulnerability can occur by having OpenAI Build us code!
07:45 – Verifying the code was indeed vulnerable
08:45 – Asking the AI ways to protect against this type of attack, the best way is to put a whitelist on valid domains used to generate password reset links
10:37 – Talking about the other ways to protect against this attack